Quick Help Needed Pls!! Virus!! System Security
Yes, follow reluctant's advice, it's to remove a dodgy entry
I think the restore has stopped the infection, this is just tidying up
Ex forum ambassador
Long term forum member
0 -
Okay, thanks for being so patient with me. I have followed reluctant_spender's instructions and here is the latest ComboFix log
ComboFix 09-02-21.01 - Jackie 2009-02-22 8:20:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.826 [GMT 0:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 07:22 . 2009-02-11 10:19 38,496 --a
c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 07:22 . 2009-02-11 10:19 15,504 --a
c:\windows\system32\drivers\mbam.sys
2009-02-21 12:46 . 2009-02-21 12:46 <DIR> d
c:\documents and settings\All Users\Application Data\SITEguard
2009-02-21 12:45 . 2009-02-21 12:45 <DIR> d
c:\program files\Common Files\iS3
2009-02-21 12:45 . 2009-02-22 06:32 <DIR> d
c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-21 10:54 . 2009-02-22 06:33 <DIR> d
c:\program files\SUPERAntiSpyware
2009-02-21 10:54 . 2009-02-21 10:54 <DIR> d
c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-02-21 10:02 . 2009-02-22 06:32 <DIR> d
C:\RECYCLER(2)
2009-02-21 08:24 . 2009-02-22 06:40 <DIR> d
C:\ComboFix
2009-02-21 08:03 . 2009-02-21 08:03 <DIR> d
c:\program files\Trend Micro
2009-02-21 06:34 . 2009-02-22 06:32 <DIR> d
c:\documents and settings\All Users\Application Data\1527240312
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 08:30
d
w c:\documents and settings\All Users\Application Data\Kontiki
2009-02-22 07:30
d
w c:\program files\Malwarebytes' Anti-Malware
2009-02-20 13:11
d
w c:\program files\McAfee
2008-09-21 19:36 61,224 -c--a-w c:\documents and settings\Jackie\GoToAssistDownloadHelper.exe
2007-09-27 17:20 168 -csh--r c:\windows\system32\3B8AC5DE95.sys
2007-09-27 17:20 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-28 02:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\1527240312 ----
2009-02-22 06:32 97 --a
c:\documents and settings\All Users\Application Data\1527240312\config.udb
2009-02-21 06:34 241 --a
c:\documents and settings\All Users\Application Data\1527240312\init.udb
2009-02-21 06:34 12930 --a
c:\documents and settings\All Users\Application Data\1527240312\Langs.udb
((((((((((((((((((((((((((((( SnapShot@2009-02-22_ 6.45.31.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 08:24:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-18 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-29 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-09-02 83968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-03 26112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-03 98304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 28672]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-21 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-03-31 884840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\aol\\1190534892\\ee\\aolsoftware.exe"=
"c:\\Program Files\\NETGEAR\\WG111T\\wlan111t.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-02 206096]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-02-22 17149]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97da2ef8-9a7b-11db-a1e0-000feac34a73}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = localhost
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\d0m0bs06.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 08:31:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
.
Other Running Processes
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\progra~1\COMMON~1\aol\ACS\AOLacsd.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Kontiki\KService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\PC Connectivity Solution\NclBTHandler.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-22 8:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 08:33:46
ComboFix2.txt 2009-02-22 06:47:17
ComboFix3.txt 2009-02-21 08:33:36
Pre-Run: 91,675,389,952 bytes free
Post-Run: 91,690,045,440 bytes free
200 --- E O F --- 2009-02-10 10:33:23
This makes no sense at all to me, am I clear now??
TIA
If at first you don't succeed ........
Alternative autism therapies should be free!!
0 -
I would say yes if the pop ups have gone
Download and run this to tidy up
www.ccleaner.com
As it installs, untick the box to install the Yahoo toolbar, then run it and let it remove all it finds, will just remove all the junk that's built up
Ex forum ambassador
Long term forum member
0 -
Thanks Browntoa. This is the third time I have typed this reply. I am now using my daughter's laptop as I cannot load any webpages. I downloaded the cleaner (using the "alternative download" option as the other requires PayPal). I then got the message if I run cleaner it will permanently delete files, cookies and recent documents which I don't really want deleted. However if this is necessary I will.
Now I am concerned that downloading this has done something else to my computer as although it states I am connected to the internet, it will not display any webpages and I have the ccleaner icon in the address bar at the top (even though I was trying to connect to mse) :eek:
Shall I uninstall the cleaner??
TIA
If at first you don't succeed ........
Alternative autism therapies should be free!!
0 -
Okay, my computer screen just went bright blue (after not being able to display webpages) and I got loads of error messages and computer shut down. When I turned back on I got the Microsoft message "this system has recovered from a serious error". I am now able to get on webpages but they are displaying the ccleaner icon in the address bar. I'm a bit wary of this, should I uninstall the cleaner??
If at first you don't succeed ........
Alternative autism therapies should be free!!
0 -
I still see a file that we need to get rid of.
Does your computer still run?
0 -
I'm using my computer again now, what should I do? Shall I uninstall this cleaner??
If at first you don't succeed ........
Alternative autism therapies should be free!!
0 -
CCleaner is normally pretty good and stable.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\All Users\Application Data\1527240312
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
0 -
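After a CFScript run like the one above, the thing to confirm is that the folder named under Folder:: appears in the new log's "Other Deletions" section and is no longer listed anywhere else. The Python below is an added example, not part of the original thread and not ComboFix's own code; the function names are made up for illustration, and the sample text is trimmed from the logs posted in this thread with the banner lengths shortened.

```python
import re

# ComboFix section banners look like "((((( Other Deletions )))))".
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def split_sections(log_text):
    """Map each banner title to the non-empty lines listed under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def script_folders(cfscript_text):
    """Return the paths listed under the Folder:: directive of a CFScript.
    Assumption: any other line ending in '::' starts a different directive."""
    folders, in_folder = [], False
    for raw in cfscript_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            in_folder = line.lower() == "folder::"
        elif in_folder and line:
            folders.append(line)
    return folders


def verify_removal(cfscript_text, before_log, after_log):
    """For each scripted folder: was it listed before, is it reported under
    'Other Deletions' afterwards, and is it absent from every other section?"""
    before, after = split_sections(before_log), split_sections(after_log)
    report = {}
    for folder in script_folders(cfscript_text):
        # Match the folder or anything beneath it, not a longer sibling name.
        hit = re.compile(re.escape(folder.lower().rstrip("\\")) + r"(\\|\s|$)")

        def listed(sections, in_deletions):
            return any(
                hit.search(line.lower())
                for title, lines in sections.items()
                if (title == "Other Deletions") == in_deletions
                for line in lines
            )

        report[folder] = {
            "seen_before": listed(before, False),
            "deleted": listed(after, True),
            "still_listed": listed(after, False),
        }
    return report


# Sample input trimmed from the script and logs posted in this thread.
CFSCRIPT = r"""Folder::
c:\documents and settings\All Users\Application Data\1527240312
"""
BEFORE_LOG = r"""
((((( Files Created from 2009-01-22 to 2009-02-22 )))))
2009-02-21 06:34 . 2009-02-22 06:32 <DIR> d
c:\documents and settings\All Users\Application Data\1527240312
((((( Look )))))
---- Directory of c:\documents and settings\All Users\Application Data\1527240312 ----
c:\documents and settings\All Users\Application Data\1527240312\config.udb
"""
AFTER_LOG = r"""
((((( Other Deletions )))))
c:\documents and settings\All Users\Application Data\1527240312
c:\documents and settings\All Users\Application Data\1527240312\config.udb
((((( Files Created from 2009-01-22 to 2009-02-22 )))))
2009-02-22 08:50 . 2009-02-22 08:50 <DIR> d
c:\program files\CCleaner
"""

if __name__ == "__main__":
    for path, result in verify_removal(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(path, result)
```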
Hi reluctant_spender
Here is the latest Combofix log
ComboFix 09-02-21.01 - Jackie 2009-02-22 9:55:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1001 [GMT 0:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\1527240312
c:\documents and settings\All Users\Application Data\1527240312\config.udb
c:\documents and settings\All Users\Application Data\1527240312\init.udb
c:\documents and settings\All Users\Application Data\1527240312\Langs.udb
.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 08:50 . 2009-02-22 08:50 <DIR> d
c:\program files\CCleaner
2009-02-22 07:22 . 2009-02-11 10:19 38,496 --a
c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 07:22 . 2009-02-11 10:19 15,504 --a
c:\windows\system32\drivers\mbam.sys
2009-02-21 12:46 . 2009-02-21 12:46 <DIR> d
c:\documents and settings\All Users\Application Data\SITEguard
2009-02-21 12:45 . 2009-02-21 12:45 <DIR> d
c:\program files\Common Files\iS3
2009-02-21 12:45 . 2009-02-22 06:32 <DIR> d
c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-21 10:54 . 2009-02-22 06:33 <DIR> d
c:\program files\SUPERAntiSpyware
2009-02-21 10:54 . 2009-02-21 10:54 <DIR> d
c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-02-21 10:02 . 2009-02-22 06:32 <DIR> d
C:\RECYCLER(2)
2009-02-21 08:24 . 2009-02-22 06:40 <DIR> d
C:\ComboFix
2009-02-21 08:03 . 2009-02-21 08:03 <DIR> d
c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 09:57
d
w c:\documents and settings\All Users\Application Data\Kontiki
2009-02-22 07:30
d
w c:\program files\Malwarebytes' Anti-Malware
2009-02-20 13:11
d
w c:\program files\McAfee
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-09-21 19:36 61,224 -c--a-w c:\documents and settings\Jackie\GoToAssistDownloadHelper.exe
2007-09-27 17:20 168 -csh--r c:\windows\system32\3B8AC5DE95.sys
2007-09-27 17:20 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-28 02:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_ 6.45.31.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-22 06:39:18 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 06:51:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 09:19:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-18 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-29 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-09-02 83968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-03 26112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-03 98304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 28672]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-21 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-03-31 884840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\aol\\1190534892\\ee\\aolsoftware.exe"=
"c:\\Program Files\\NETGEAR\\WG111T\\wlan111t.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-02 206096]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-02-22 17149]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97da2ef8-9a7b-11db-a1e0-000feac34a73}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = localhost
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\d0m0bs06.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 09:57:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\ACTIVEDS.dll
.
Completion time: 2009-02-22 10:00:09
ComboFix-quarantined-files.txt 2009-02-22 09:59:24
ComboFix2.txt 2009-02-22 08:34:23
ComboFix3.txt 2009-02-22 06:47:17
ComboFix4.txt 2009-02-21 08:33:36
Pre-Run: 91,660,087,296 bytes free
Post-Run: 91,654,791,168 bytes free
175 --- E O F --- 2009-02-10 10:33:23
Am I clear now........ please tell me I am
Do I have to do anything else?
If at first you don't succeed ........
Alternative autism therapies should be free!!
0 -
You are looking ok. - Did you install StopZilla?
If you have not done so already reboot your computer and just to check our work run the following scan - I warn you it will take a while to complete;
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.